diff options
| author | Frédéric Buclin <LpSolit@gmail.com> | 2015-01-05 12:52:39 +0100 |
|---|---|---|
| committer | Frédéric Buclin <LpSolit@gmail.com> | 2015-01-05 12:52:39 +0100 |
| commit | a5758fa24197d6f29d487b92c0ff6e3ba0e9e114 (patch) | |
| tree | b0609246c89d69b258443984a22964fa03b75234 /template/en/default | |
| parent | e82a8134321658e6884d5a5aeccda3532cdf33f9 (diff) | |
| download | bugs-a5758fa24197d6f29d487b92c0ff6e3ba0e9e114.tar bugs-a5758fa24197d6f29d487b92c0ff6e3ba0e9e114.tar.gz bugs-a5758fa24197d6f29d487b92c0ff6e3ba0e9e114.tar.bz2 bugs-a5758fa24197d6f29d487b92c0ff6e3ba0e9e114.tar.xz bugs-a5758fa24197d6f29d487b92c0ff6e3ba0e9e114.zip | |
Bug 1113630: Set window.opener to null for the URL field to prevent interaction between a remote script and the bug report
r=gerv a=glob
Diffstat (limited to 'template/en/default')
| -rw-r--r-- | template/en/default/bug/edit.html.tmpl | 5 | ||||
| -rw-r--r-- | template/en/default/bug/show-multiple.html.tmpl | 2 | ||||
| -rw-r--r-- | template/en/default/list/table.html.tmpl | 2 |
3 files changed, 5 insertions, 4 deletions
diff --git a/template/en/default/bug/edit.html.tmpl b/template/en/default/bug/edit.html.tmpl index a7674faf8..2eb850dd6 100644 --- a/template/en/default/bug/edit.html.tmpl +++ b/template/en/default/bug/edit.html.tmpl @@ -492,7 +492,7 @@ <span id="bz_url_edit_container" class="bz_default_hidden"> [% IF is_safe_url(bug.bug_file_loc) %] <a href="[% bug.bug_file_loc FILTER html %]" target="_blank" - title="[% bug.bug_file_loc FILTER html %]"> + rel="noreferrer" title="[% bug.bug_file_loc FILTER html %]"> [% bug.bug_file_loc FILTER truncate(40) FILTER html %]</a> [% ELSE %] [% bug.bug_file_loc FILTER html %] @@ -503,7 +503,8 @@ [% url_output = PROCESS input no_td=1 inputname => "bug_file_loc" size => "40" colspan => 2 %] [% IF NOT bug.check_can_change_field("bug_file_loc", 0, 1) AND is_safe_url(bug.bug_file_loc) %] - <a href="[% bug.bug_file_loc FILTER html %]">[% url_output FILTER none %]</a> + <a href="[% bug.bug_file_loc FILTER html %]" + rel="noreferrer">[% url_output FILTER none %]</a> [% ELSE %] [% url_output FILTER none %] [% END %] diff --git a/template/en/default/bug/show-multiple.html.tmpl b/template/en/default/bug/show-multiple.html.tmpl index d3065abda..99dd53215 100644 --- a/template/en/default/bug/show-multiple.html.tmpl +++ b/template/en/default/bug/show-multiple.html.tmpl @@ -148,7 +148,7 @@ <th>[% field_descs.bug_file_loc FILTER html %]:</th> <td colspan="3"> [% IF is_safe_url(bug.bug_file_loc) %] - <a href="[% bug.bug_file_loc FILTER html %]"> + <a href="[% bug.bug_file_loc FILTER html %]" rel="noreferrer"> [% bug.bug_file_loc FILTER html %]</a> [% ELSE %] [% bug.bug_file_loc FILTER html %] diff --git a/template/en/default/list/table.html.tmpl b/template/en/default/list/table.html.tmpl index fe7678b02..d3abc9b21 100644 --- a/template/en/default/list/table.html.tmpl +++ b/template/en/default/list/table.html.tmpl @@ -213,7 +213,7 @@ [%- bug.$column.truncate(256, '...') FILTER html -%] [% ELSIF column == 'bug_file_loc' && is_safe_url(bug.bug_file_loc) %] <a href="[% bug.bug_file_loc FILTER html %]" target="_blank" - title="[% bug.bug_file_loc FILTER html %]"> + rel="noreferrer" title="[% bug.bug_file_loc FILTER html %]"> [%- display_value(column, bug.$column).truncate(col_abbrev.maxlength, col_abbrev.ellipsis) FILTER html -%] </a> [% ELSE %] |